Windows Forensics Cookbook

Windows Memory Acquisition and Analysis

In this chapter, we will cover the following recipes:

  • Windows memory acquisition with Belkasoft RAM Capturer
  • Windows memory acquisition with DumpIt
  • Windows memory image analysis with Belkasoft Evidence Center
  • Windows memory image analysis with Volatility
  • Variations in Windows versions